diff --git a/doc/source/domain_implementation.rst b/doc/source/domain_implementation.rst new file mode 100644 index 00000000..a026d2ff --- /dev/null +++ b/doc/source/domain_implementation.rst @@ -0,0 +1,134 @@ +.. + Copyright 2016 OpenStack Foundation + All Rights Reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); you may + not use this file except in compliance with the License. You may obtain + a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + License for the specific language governing permissions and limitations + under the License. + +================================== +Glance domain model implementation +================================== + +Gateway and basic layers +~~~~~~~~~~~~~~~~~~~~~~~~ + +The domain model contains the following layers: + +#. :ref:`authorization` +#. :ref:`notifier` +#. :ref:`property` +#. :ref:`policy` +#. :ref:`quota` +#. :ref:`location` +#. :ref:`database` + +The schema below shows a stack that contains the Image domain layers and +their locations: + +.. figure:: /images/glance_layers.png + :figwidth: 100% + :align: center + :alt: Image domain layers + +.. _authorization: + +Authorization +------------- + +The first layer of the domain model provides a verification of whether an +image itself or its property can be changed. An admin or image owner can +apply the changes. The information about a user is taken from the request +``context`` and is compared with the image ``owner``. If the user cannot +apply a change, a corresponding error message appears. + +.. _property: + +Property protection +------------------- + +The second layer of the domain model is optional. It becomes available if you +set the ``property_protection_file`` parameter in the Glance configuration +file. + +There are two types of image properties in Glance: + +* *Core properties*, as specified in the image schema +* *Meta properties*, which are the arbitrary key/value pairs that can be added + to an image + +The property protection layer manages access to the meta properties +through Glance’s public API calls. You can restrict the access in the +property protection configuration file. + +.. _notifier: + +Notifier +-------- + +On the third layer of the domain model, the following items are added to +the message queue: + +#. Notifications about all of the image changes +#. All of the exceptions and warnings that occurred while using an image + +.. _policy: + +Policy +------ + +The fourth layer of the domain model is responsible for: + +#. Defining access rules to perform actions with an image. The rules are + defined in the :file:`etc/policy.json` file. +#. Monitoring of the rules implementation. + +.. _quota: + +Quota +----- + +On the fifth layer of the domain model, if a user has an admin-defined size +quota for all of his uploaded images, there is a check that verifies whether +this quota exceeds the limit during an image upload and save: + +* If the quota does not exceed the limit, then the action to add an image + succeeds. +* If the quota exceeds the limit, then the action does not succeed and a + corresponding error message appears. + +.. _location: + +Location +-------- + +The sixth layer of the domain model is used for interaction with the store via +the ``glance_store`` library, like upload and download, and for managing an +image location. On this layer, an image is validated before the upload. If +the validation succeeds, an image is written to the ``glance_store`` library. + +This sixth layer of the domain model is responsible for: + +#. Checking whether a location URI is correct when a new location is added +#. Removing image data from the store when an image location is changed +#. Preventing image location duplicates + +.. _database: + +Database +-------- + +On the seventh layer of the domain model: + +* The methods to interact with the database API are implemented. +* Images are converted to the corresponding format to be recorded in the + database. And the information received from the database is + converted to an Image object. diff --git a/doc/source/images/glance_layers.png b/doc/source/images/glance_layers.png new file mode 100644 index 00000000..783737d8 Binary files /dev/null and b/doc/source/images/glance_layers.png differ diff --git a/doc/source/images_src/glance_layers.graphml b/doc/source/images_src/glance_layers.graphml new file mode 100644 index 00000000..5598c458 --- /dev/null +++ b/doc/source/images_src/glance_layers.graphml @@ -0,0 +1,363 @@ + + + + + + + + + + + + + + + + + + + + + + + Domain + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Router +api/v2/router.py + + + + + + + + + + + + + + + + + + + REST API +api/v2/* + + + + + + + + + + + + + + + + + + + Auth +api/authorization.py + + + + + + + + + + + + + + + + + + + Notifier +notifier.py + + + + + + + + + + + + + + + + + + + Policy +api/policy.py + + + + + + + + + + + + + + + + + + + Quota +quota/__init__.py + + + + + + + + + + + + + + + + + + + Location +location.py + + + + + + + + + + + + + + + + + + + DB +db/__init__.py + + + + + + + + + + + + + + + + + + + Registry (optional) +registry/v2/* + + + + + + + + + + + + + + + + + + + Data Access +db/sqlalchemy/api.py + + + + + + + + + + + + + + + + + + + A Client + + + + + + + + + + + + + + + + + + + Glance Store + + + + + + + + + + + + + + + + + + + DBMS + + + + + + + + + + + + + + + + + + + Property protection (optional) +api/property_protections.py + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/doc/source/index.rst b/doc/source/index.rst index 5a0092f1..ef912c71 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -53,6 +53,7 @@ Glance Background Concepts architecture database_architecture domain_model + domain_implementation identifiers statuses tasks